Basic Knowledge
What are Dialers?
Dialers are small programs that either change your existing internet access telephone number or create a new internet connection on a computer system. After the program is downloaded and installed, the dialer connects to the internet via modem or ISDN-card. The existing internet connection is usually disconnected. The dialer sets itself as the default connection, then uses a very expensive phone number to dial in. Usually, dialers only work with Microsoft Windows operating systems.
The Way To The Internet
There are two ways a PC can connect to the internet by using an analog dial-up connection (modem or ISDN) or a broadband connection. The difference between them is how the data is submitted. A dial-up internet access converts the data into sound and sends it through the phone line like a phone call. ISDN submits data digitally using the phone line. Broadband connections (DSL or cable) also send data via the phone line but with much higher frequency. While some DSL connections use the windows dialup connection, the dialer is designed for an analog modems and cannot operate with a DSL or Cable modems. BUT, if you have an analogue modem connected to your computer for faxing or other connection requirements, then despite your broadband connection, the dialer can make the analogue modem dial a premium rate number.
The System of Premium Rate Numbers
Premium Rate Numbers (PRNs) are phone numbers which charge extra fees for services they offer. In the European Union, these numbers, also called service phone numbers, are administered by government institutions. Several services on the internet, radio, TV or in the telecommunication field charge their customers by using these PRNs. The legal situation concerning these numbers differs from country to country. Dialers use local PRNs as well as foreign PRNs. The use of foreign PRNs is not allowed in Germany.
Areas of Application
For the user, dialers are an easy way to for a customer to make a payment. Fee-based services are rising, a number of companies offer goods or services for the price of the phone call to them. The payment for subscription internet sites via dialers (PRNs) is becoming common for internet users.
- Software Downloads (Games, Applications, SMS-logos etc.)
- Download of Newspaper Articles
- Instant News Services
- Sexual Content (Web Cams,Live-chat, Video streaming, Images…)
- Information offers such as Jobs, Homework, Essays, Cooking, Travel, Horoscopes, IQ-Tests and much more.)
Reliable Companies
The system of dialers and PRNs is OK, as long the user knows what he/she is getting into. In many cases, this does not happen. The massive abuse of dialers in Germany in 2003 led to a new law which requires dialers to be registered with the German ‘Regulierungsbehörde für Telekommunikation und Post‘ (a government institution regulating telecommunication and postal services). The registration is only granted if all obligations are fulfilled and unlawful use is impossible. Unfortunately, this is only checked in a very few cases or when complaints are received. Unregistered dialers or those which do not fulfill the regulations are illegal. There are similar regulations of varying strengths in other countries as well. Check with your telecoms provider for the applicable regulatory body.
Dubious Companies
Along side law-abiding companies which use dialers appropriately to charge for their services there are many firms or individuals that do not care about regulations. Illegal dialers have become an international problem. For example dialers are implanted in web pages and are installed on the PC upon visit of the site without your knowledge. These are called auto-dialers. Most dialers can only be removed by a professional, because they are protected from simply being deleted. Many dialers can manipulate the system settings and make themselves appear as a standard connection to the internet. If your phone allows international access, then you could be dialling a foreign premium rate line. (Did you know, for instance, that a phone number beginning with 0049190 is a German PRN?)
How You Protect Yourself From Unwanted Dialers
The tricks of dubious companies become more cunning every day. Thus, it becomes more and more important for internet users to effectively protect themselves from unwanted dialers. This is how it works.
The Right PC Settings
By correctly configuring a PC, protection from dialers can be significantly improved:
Updates And Patches
Update the operating system – and the internet browser – regularly. Dubious firms often use security gaps to install dialers or viruses on your PC. Producers of operating systems, like Microsoft, fix those security gaps with patches and critical updates. If you use Microsoft Windows, install the latest service pack for your system. XP Pro and Home should have Service Pack 2 installed. When installed, warnings are shown in case of pop-ups and unknown ActiveX-activities.
Browser
Microsoft’s Internet Explorer has many security holes. If you wish to use Internet Explorer you should change some system settings to minimize risk. The first and most important step is to deactivate ActiveX in your browser. ActiveX-components are used by many web sites to install and start dialers automatically. To avoid this, proceed as follows:
Extras-> Internet options-> Security-> Internet -> Adjust Level:
Now, change the settings by clicking the check boxes.
Execute ActiveX control elements that are secure for scripting: deactivate
Initialize and execute ActiveX control elements that are not secure: deactivate
Execute ActiveX control elements and plugins>: deactivate
Download of signed ActiveX control elements: deactivate
Download of unsigned ActiveX control elements: deactivate
Additionally, you should set the following:
Active Scripting: deactivate
Installation of desktop elements: prompt
For all browsers: if you wish to be really secure, deactivate JavaScript. Often, the download of dialers is offered in a pop-up. Pop-ups are only possible if JavaScript is activated. Please note: If active contents like ActiveX and JavaScript are deactivated, some web pages may not be displayed correctly or may not appear at all. With this deactivated some functions may not be allowed. Active Scripting has been used to avoid the ActiveX-blocking and can install dialers on the PC anyway.
Please note: if you are running Windows 95/98/ME then windows updates will not operate for you with JavaScript and ActiveX turned off. You will need to re-enable them to update. If you are using Windows 2000 SP4 or Windows XP SP2, then use the automatic update facility in control panel.
Dial-up Connection
The dial-up password should not be stored on the computer. It is better if you have to enter in this information for each new session. This is important, because some dialers register themselves as the default connection. For the same reason, browsers and email applications should be kept separate from the internet connection.
Modem
Modem users should make sure that the modem sound is played upon dial-in. This isn’t the best form of protection, because some dialers deactivate modem sound before they dial in. It will also draw your attention to the dialer dialing without permission, some dialers activate the connection without your knowledge. Alternatively, when you have finished your internet session, unplug the phone line from the wall that is connected to the modem.
Broadband Users
If you use a broadband connection, you are protected from dialers since they can not dial in via the network. There is a risk if you use an analogue modem for fax. In that case, there is only one way to protect the computer and that is to unplug it. If you need the secondary connection, tell your phone company to block PRNs.
Administration Rights On Windows NT/2000/XP
If you are using Windows NT/2000/XP, it is better not to log-in as administrator, but as a user. In this mode, installation of programs (including dialers) is not possible.
Turn Off Windows Messenger Service
Windows Messenger Service (not to be confused with MSN Messenger) is a good thing for sending short messages within a network. This technology can also be abused – you are bombarded by unwanted advertisements via the internet. If you wish to be safe, it is best to completely turn off the Windows Messenger service:
Windows XP: Start -> Control Panel ->Performance and Maintenance -> Administrative Tools Icon -> Double click Services -> Double Click Messenger -> In the Properties -> Click Stop : From the startup type drop down, select disabled -> Apply.
Block Expensive PRNs
The most effective protection from high fees is to tell your phone company to block PRNs. Please ask your phone company about blocking. If you do have PRNs blocked, make sure that foreign PRNs are also blocked. Many dubious firms use foreign PRNs to connect to the internet.
Protection Software
Protection software can deliver protection from unwanted, expensive dialers. Usually, these programs check the dial-up connections for new connections or unknown numbers. They block the dialer or at the very least show a warning message. Contrary to popular belief a firewall, in most cases, does not protect you from unwanted dialers. A firewall supervises the ports of a PC, but not the dial-up connection. A firewall might offer some control only if a dialer tries to download additional components, but the price of the phone call is still the same!
Hardware-Solutions
Telephone Equipment
Telephone equipment can be effective protection from unwanted dialers. If you have questions on how to configure your telephone equipment, consult the manufacturer. Be careful with telephone equipment that is connected directly to the computer. CAPI-ports are often used and dialers can use them to connect to the internet. Also, telephone equipment only offers useful protection if you are using a whitelist. Blacklists of phone numbers are useless because they can be avoided by adding provider numbers at the beginning of the PRN. Many telephone systems which include an integrated DSL-modem and USB-port have an ISDN-modem. If you have one of those, you are not safe; dialers can use the ISDN-modem to connect to the internet.
Router
If the settings are appropriate, a router can be used to block expensive PRNs. It can be dangerous if the router supports the “Fallback-function” (if dialing via DSL fails, ISDN is used) or offers fax services. You can find further information on this by contacting the router’s manufacturer.
Satellite Connections
Satellite connections only offer limited protection from unwanted dialers. The reason is that a back-channel is necessary in most cases which can be used by dialers to connect to the internet. Thus, if you are using a SAT-connection, you need the same security to protect you as you would need with ISDN or analog connections.
Careful Surfing
Mistrust
For many people, dialers are only used to earn money. The number of offers on the internet that can be reached by using a dialer is rising. This can be noticed when using a search engine like Google. The first ten pages are mostly pages that have been optimized to show up when specific words are searched, but can be only be reached via an expensive dialer. Thus, it is important for you as an internet user to have some healthy mistrust. Use caution if access to an offer is dependent on acceptance of a security certificate or if you are asked to type in something.
Symbols
Pay attention to unknown symbols in the task bar or on the desktop while surfing. These could be an indicator of a dialer. If you right-click on a symbol, you can find out the application it belongs to.
Check The Dial-Up Connections
Check your dial-up connection list regularly for new or unknown entries. If you find an uncommon number or a new entry, you should be careful.
Check Folder “downloaded program files”
Many dialers use this folder (usually C:Windowsdownloaded program files), to save their ActiveX-controls. These can cause an automated download or a dial-in of a dialer if you visit a specific web page. Check all entries in this folder regularly for their properties and owner listing. (Right-click on them). You can delete dubious controls by choosing “delete” from the context menu (right-click).
Is It A Reliable Firm?
If you are planning on using a dialer, check the firm offering it. Do they inform you about their charges and accounting period? Is there a contact page on the web site telling you who owns it and how you can contact them? Does the dialer mention the firm behind it? Are the general terms of service provided and is it possible to download and save them? Before using German dialer-offers, check with the “Behörde für Telekommunikation und Post” whether it is a registered dialer.
What To Do As A Victim Of a Malicious Dialer
- In order to be able to prove that you have been deceived or even cheated you have to have evidence for the authorities to investigate. Also, evidence strengthens your position if you are billed for no reason. Do not make the mistake of deleting or changing information. It often happens that victims delete data out of shame because they visited pornography sites but in doing so delete the evidence to show that they had been cheated.
- Write down the web site from where you downloaded the dialer (URL). If possible, make a screenshot of the site (press PrntScr on your keyboard, open a Word document and press Paste). Better still, download the whole site (File ->Save As…) onto your computer. If you got the dialer via email, save the whole email, including the header.
- Locate the dialer on your computer and save it do disk or CD-R. Save the web site, the screenshots or the mail that way, too.
- Find out who owns the PRN used and the web page.
- Create an image of your hard drive and save it to a disk or CD-R. The registry of your computer should be saved as well. (Start->Run->regedit-> Registry->Export Registry to file)
- Ask your phone company for an unedited list of connections from your telephone.
- If you are to report this to the police, do not change your computer’s configuration. That way, the police can trace the dialer’s manipulation. Give them all available, relevant data (owner of the Domain, name of the dialer etc.) and documents. If necessary bring your whole computer to the police station.
- If you are charged on your next phone bill, only pay the ‘normal’ phone charges and not the premium rate amounts. Send your complaint to your phone company in writing.
- Report to the relevant government institution that you were victim of an illegal dialer. In Germany this is the “Regulierungsbehörde für Telekommunikation und Post”. There are similar institutions in other countries as well. Submit your evidence and ask them to take legal proceedings against the dubious firm.
This article was created with friendly support of Dialerschutz.de, your knowledgebase about dialers.
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trialHave a Great (Malware-Free) Day!